Hi All,
I'm a newbie to the Splunk world and trying to figure out a couple things. I currently have Splunk Light installed and used the "Remote Event Log Collection" option to collect logs from my system. My question is: Can I create filters to only capture certain events from the security logs? Or do I need to configure the universal forwarder to collect the logs from my systems then configure filters prior to data getting indexed? Thanks, any info you can provide would be great.
↧